Title: kubernetes log Date: 2021-05-24 10:20 Category: k8s. Tags: k8s, docker Slug: kubernetes-log-journal Author: someone Summary: kubernetes log journal
kubernetes log journal
Tag docker image
docker tag <existing-image> <registry-url>/<image-name>:<version>
example
docker tag video-streaming:latest registry.gitlab.com/learning_hsrp/book1/video-streaming:latest
Push the image to the private image registry
docker push registry.gitlab.com/learning_hsrp/book1/video-streaming
Run the image
docker run -p 3000:3000 registry.gitlab.com/learning_hsrp/book1/video-streaming
Unable to find image 'registry.gitlab.com/learning_hsrp/book1/video-streaming:latest' locally latest: Pulling from learning_hsrp/book1/video-streaming Digest: sha256:9bd3869ffd07e8985860b8b2f0502b6be2052c1bc08dc08c81832d3b93abedf9 Status: Downloaded newer image for registry.gitlab.com/learning_hsrp/book1/video-streaming:latest > [email protected] start /usr/src/app > node ./src/index.js
Microservice listening on port 3000, point your browser at http://localhost:3000/video
mongodb database
> use videos
> db.videos.insertOne({"_id" : ObjectId( "5d9e690ad76fe06a3d7ae416" ), "videoPath" : "SampleVideo_1280x720_1mb.mp4"})
{
"acknowledged" : true,
"insertedId" : ObjectId("5d9e690ad76fe06a3d7ae416")
}
>
> show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
video-streaming 0.000GB
Install kubernetes dashboard
root@node1:~# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
Check kubernetes serviceaccounts
root@node1:~# kubectl get serviceaccount -n kube-system NAME SECRETS AGE admin-user 1 2m16s attachdetach-controller 1 39d bootstrap-signer 1 39d calico-kube-controllers 1 39d calico-node 1 39d certificate-controller 1 39d clusterrole-aggregation-controller 1 39d coredns 1 39d cronjob-controller 1 39d daemon-set-controller 1 39d default 1 39d deployment-controller 1 39d disruption-controller 1 39d dns-autoscaler 1 39d endpoint-controller 1 39d endpointslice-controller 1 39d endpointslicemirroring-controller 1 39d ephemeral-volume-controller 1 39d expand-controller 1 39d generic-garbage-collector 1 39d horizontal-pod-autoscaler 1 39d job-controller 1 39d kube-proxy 1 39d namespace-controller 1 39d node-controller 1 39d nodelocaldns 1 39d persistent-volume-binder 1 39d pod-garbage-collector 1 39d pv-protection-controller 1 39d pvc-protection-controller 1 39d replicaset-controller 1 39d replication-controller 1 39d resourcequota-controller 1 39d root-ca-cert-publisher 1 39d service-account-controller 1 39d service-controller 1 39d statefulset-controller 1 39d token-cleaner 1 39d ttl-after-finished-controller 1 39d ttl-controller 1 39d
Check secrets in the kube-system namespace
root@node1:~# kubectl get secrets -n kube-system NAME TYPE DATA AGE admin-user-token-tb9cq kubernetes.io/service-account-token 3 2m34s attachdetach-controller-token-7bhvn kubernetes.io/service-account-token 3 39d bootstrap-signer-token-dmwvs kubernetes.io/service-account-token 3 39d calico-kube-controllers-token-hk4kr kubernetes.io/service-account-token 3 39d calico-node-token-hj4w6 kubernetes.io/service-account-token 3 39d certificate-controller-token-vdl69 kubernetes.io/service-account-token 3 39d clusterrole-aggregation-controller-token-nx8dr kubernetes.io/service-account-token 3 39d coredns-token-6pk2v kubernetes.io/service-account-token 3 39d cronjob-controller-token-zswjv kubernetes.io/service-account-token 3 39d daemon-set-controller-token-lfrrn kubernetes.io/service-account-token 3 39d default-token-9pxp4 kubernetes.io/service-account-token 3 39d deployment-controller-token-npjzn kubernetes.io/service-account-token 3 39d disruption-controller-token-c29xr kubernetes.io/service-account-token 3 39d dns-autoscaler-token-w8td6 kubernetes.io/service-account-token 3 39d endpoint-controller-token-fqn5h kubernetes.io/service-account-token 3 39d endpointslice-controller-token-8sbbp kubernetes.io/service-account-token 3 39d endpointslicemirroring-controller-token-xb9gc kubernetes.io/service-account-token 3 39d ephemeral-volume-controller-token-j8m8g kubernetes.io/service-account-token 3 39d expand-controller-token-9mcsb kubernetes.io/service-account-token 3 39d generic-garbage-collector-token-2grw5 kubernetes.io/service-account-token 3 39d horizontal-pod-autoscaler-token-k9dph kubernetes.io/service-account-token 3 39d job-controller-token-xstvw kubernetes.io/service-account-token 3 39d kube-proxy-token-wmbzz kubernetes.io/service-account-token 3 39d namespace-controller-token-7kzlw kubernetes.io/service-account-token 3 39d node-controller-token-wzvrn kubernetes.io/service-account-token 3 39d nodelocaldns-token-58ngn kubernetes.io/service-account-token 3 39d persistent-volume-binder-token-nqq9n kubernetes.io/service-account-token 3 39d pod-garbage-collector-token-h97n2 kubernetes.io/service-account-token 3 39d pv-protection-controller-token-jzxdt kubernetes.io/service-account-token 3 39d pvc-protection-controller-token-cddxr kubernetes.io/service-account-token 3 39d replicaset-controller-token-7272l kubernetes.io/service-account-token 3 39d replication-controller-token-xn5pp kubernetes.io/service-account-token 3 39d resourcequota-controller-token-pp542 kubernetes.io/service-account-token 3 39d root-ca-cert-publisher-token-w26q5 kubernetes.io/service-account-token 3 39d service-account-controller-token-2jmdx kubernetes.io/service-account-token 3 39d service-controller-token-8jkf4 kubernetes.io/service-account-token 3 39d statefulset-controller-token-w55lg kubernetes.io/service-account-token 3 39d token-cleaner-token-lgvm2 kubernetes.io/service-account-token 3 39d ttl-after-finished-controller-token-x9fbc kubernetes.io/service-account-token 3 39d ttl-controller-token-gsltn kubernetes.io/service-account-token 3 39d
Get the admin-user token
root@node1:~# kubectl describe secret -n kube-system admin-user-token-44444
Name: admin-user-token-44444
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 44444444-4444-4441-4444-444444444444
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImxMUFlQTWlsV3BWMXMyZDN0Y0ZvUnBfZHY0T3ZEWDFsR1N0TkxNWHh5aFkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lcRDNA2hA_eJuu49vnrDp8rZOCaIkCRFAImk0P5qMTQ4vQcZeiJjDfOqTY4RunKJGrsFdaU1uHuB8tUbNjwvU-ZaM0hMMtCylxwrU-CU53MlNd1DsdZ8ijmPgZA
Login to the http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/deployment?namespace=default with the token above
Build and push azure-storage image
$ docker build --tag registry.gitlab.com/learning_hsrp/book1/azure-storage:latest . $ docker push registry.gitlab.com/learning_hsrp/book1/azure-storage:latest The push refers to repository [registry.gitlab.com/learning_hsrp/book1/azure-storage] e40ac9fdab60: Pushed a56db3150ac8: Pushed 9df66063b196: Pushed 2c14c8479076: Pushed 501154e4b55f: Mounted from learning_hsrp/book1/video-streaming 54b8a9e61578: Mounted from learning_hsrp/book1/video-streaming 4ece4c4c93ba: Mounted from learning_hsrp/book1/video-streaming 3e207b409db3: Mounted from learning_hsrp/book1/video-streaming latest: digest: sha256:a2023192b2c3cff88feaddd7c0141227e8fafff8a64ff7a419594f5e77f021a9 size: 1993
Build and push video-streaming image
docker build --tag registry.gitlab.com/learning_hsrp/book1/video-streaming:latest . Sending build context to Docker daemon 106kB Step 1/6 : FROM node:12.18.1-alpine ---> 06a4a7b5263d Step 2/6 : WORKDIR /usr/src/app ---> Using cache ---> d87c615b04b9 Step 3/6 : COPY package*.json ./ ---> 4489f099b125 Step 4/6 : RUN npm install --only=production ---> Running in 842caabd4dc3 npm WARN [email protected] No description npm WARN [email protected] No repository field. added 55 packages from 40 contributors and audited 337 packages in 2.478s found 108 vulnerabilities (106 low, 2 high) run `npm audit fix` to fix them, or `npm audit` for details Removing intermediate container 842caabd4dc3 ---> 397d42f5b572 Step 5/6 : COPY ./src ./src ---> b7faef54b080 Step 6/6 : CMD npm start ---> Running in a3f71354b75b Removing intermediate container a3f71354b75b ---> 0fd42e792b8b Successfully built 0fd42e792b8b Successfully tagged registry.gitlab.com/learning_hsrp/book1/video-streaming:latest docker push registry.gitlab.com/learning_hsrp/book1/video-streaming:latest The push refers to repository [registry.gitlab.com/learning_hsrp/book1/video-streaming] 2151241e7ece: Pushed 7df7bfa0a08a: Pushed ca6b2f5ccd00: Pushed 2c14c8479076: Mounted from learning_hsrp/book1/azure-storage 501154e4b55f: Layer already exists 54b8a9e61578: Layer already exists 4ece4c4c93ba: Layer already exists 3e207b409db3: Layer already exists latest: digest: sha256:4b7b016abc8c55d94c79ac0997bfbc222c907182c56bba80f72755225be15bca size: 1993
Log in to the private image registry
$ docker login registry.gitlab.com/learning_hsrp/book1 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in .docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
Create a secret for k8s to login to the registry above
$ kubectl create secret generic regcred --from-file=.dockerconfigjson=.docker/config.json --type=kubernetes.io/dockerconfigjson secret/regcred created
Check the secret
$ kubectl get secret regcred --output=yaml
apiVersion: v1
data:
.dockerconfigjson: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBCCCC
kind: Secret
metadata:
creationTimestamp: "2021-05-24T01:23:55Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:.dockerconfigjson: {}
f:type: {}
manager: kubectl-create
operation: Update
time: "2021-05-24T01:23:55Z"
name: regcred
namespace: default
resourceVersion: "6181932"
uid: ac0fca82-caf4-4225-beb8-939d5ce95c44
type: kubernetes.io/dockerconfigjson
Check authentication data
$ echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBCCCC'| base64 -d
{
"auths": {
"gitlab.com": {
"auth": "JJJJJJJJJJJJJJJJJJJJJJJJJJ"
},
"registry.gitlab.com": {
"auth": "JJJJJJJJJJJJJJJJJJJJJJJJJJ"
}
}
Expose deployment $ kubectl expose deployment db
Proxy from k8s to localhost
kubectl port-forward deployment/db 27017:27017 Forwarding from 127.0.0.1:27017 -> 27017 Forwarding from [::1]:27017 -> 27017
Populate mongodb with data
$ mongo localhost
MongoDB shell version v4.4.6
> use videos
switched to db videos
> db.videos.insertOne({"_id" : ObjectId( "5d9e690ad76fe06a3d7ae416" ), "videoPath" : "SampleVideo_1280x720_1mb.mp4"})
{
"acknowledged" : true,
"insertedId" : ObjectId("5d9e690ad76fe06a3d7ae416")
}
> show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
localhost 0.000GB
videos 0.000GB
Expose deployment with type LoadBalancer
$ kubectl expose deployment video-streaming --type=LoadBalancer service/video-streaming exposed
Check exposed services
$ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE db ClusterIP 10.233.2.19 <none> 27017/TCP 27m kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 40d video-streaming LoadBalancer 10.233.45.180 276.48.266.0 3000:31671/TCP 78s
Access video-streaming service at http://276.48.266.0:3000/video?id=5d9e690ad76fe06a3d7ae416
Expose azure-storage as a service
$kubectl expose deployment azure-storage --name video-storage --port 8080 --target-port=80 service/video-storage exposed
mongo.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: db
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo:latest
ports:
- containerPort: 27017
$ cat video-storage.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: azure-storage
spec:
replicas: 3
selector:
matchLabels:
app: azure-storage
template:
metadata:
labels:
app: azure-storage
spec:
containers:
- name: azure-storage
image: registry.gitlab.com/learning_hsrp/book1/azure-storage
ports:
- containerPort: 80
env:
- name: PORT
value: "80"
- name: STORAGE_ACCOUNT_NAME
value: "user"
- name: STORAGE_ACCESS_KEY
value: "pass"
imagePullSecrets:
- name: regcred
$ cat video.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: video-streaming
spec:
replicas: 3
selector:
matchLabels:
app: video-streaming
template:
metadata:
labels:
app: video-streaming
spec:
containers:
- name: video-streaming
image: registry.gitlab.com/learning_hsrp/book1/video-streaming
ports:
- containerPort: 3000
env:
- name: PORT
value: "3000"
- name: VIDEO_STORAGE_HOST
value: "video-storage"
- name: VIDEO_STORAGE_PORT
value: "8080"
- name: DBHOST
value: "mongodb://db:27017"
- name: DBNAME
value: "videos"
imagePullSecrets:
- name: regcred